bisecting fixing commit since 59456c9cc40c8f75b5a7efa0fe1f211d9c6fcaf1
building syzkaller on a2fe1cb58994e43fb14f141ecd6e6dcce9bb697a

testing commit 59456c9cc40c8f75b5a7efa0fe1f211d9c6fcaf1
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 626673fcfea27dfc56f752ebe50e496e7550eaafaac1ed537f983dfe5676ccaf
run #0: crashed: BUG: soft lockup in tipc_conn_recv_work
run #1: crashed: BUG: soft lockup in cleanup_net
run #2: crashed: BUG: soft lockup in tipc_topsrv_accept
run #3: crashed: BUG: soft lockup in cleanup_net
run #4: crashed: BUG: soft lockup in cleanup_net
run #5: crashed: BUG: soft lockup in tipc_conn_recv_work
run #6: crashed: BUG: soft lockup in cleanup_net
run #7: crashed: BUG: soft lockup in cleanup_net
run #8: crashed: BUG: soft lockup in cleanup_net
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
reproducer seems to be flaky

testing current HEAD b172b44fcb1771e083aad806fa96f3f60e2ddfac
testing commit b172b44fcb1771e083aad806fa96f3f60e2ddfac
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 3027de1f0a21a7e95746c30911b7fde5b5af3daeac0af0f23de502e74213c9f8
run #0: crashed: BUG: soft lockup in cleanup_net
run #1: crashed: BUG: soft lockup in tipc_topsrv_accept
run #2: crashed: BUG: soft lockup in cleanup_net
run #3: crashed: BUG: soft lockup in cleanup_net
run #4: crashed: BUG: soft lockup in tipc_topsrv_accept
run #5: crashed: BUG: soft lockup in cleanup_net
run #6: crashed: BUG: soft lockup in cleanup_net
run #7: crashed: BUG: soft lockup in tipc_conn_recv_work
run #8: crashed: BUG: soft lockup in tipc_topsrv_accept
run #9: crashed: BUG: soft lockup in cleanup_net
run #10: crashed: BUG: soft lockup in cleanup_net
run #11: crashed: BUG: soft lockup in cleanup_net
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
Reproducer flagged being flaky

revisions tested: 2, total time: 45m9.034507108s (build: 21m21.662978707s, test: 23m25.169902076s)
the crash still happens on HEAD
commit msg: Linux 4.19.206
crash: BUG: soft lockup in cleanup_net

IPVS: ftp: loaded support on port[0] = 21
Bluetooth: hci3: command 0x0419 tx timeout
Bluetooth: hci4: command 0x0419 tx timeout
Bluetooth: hci1: command 0x0419 tx timeout
IPVS: ftp: loaded support on port[0] = 21
watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [kworker/u4:0:7]
Modules linked in:
irq event stamp: 607015
hardirqs last enabled at (607014): [] trace_hardirqs_on_thunk+0x1a/0x1c
hardirqs last disabled at (607015): [] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last enabled at (601702): [] spin_unlock_bh include/linux/spinlock.h:374 [inline]
softirqs last enabled at (601702): [] release_sock+0x11f/0x180 net/core/sock.c:2892
softirqs last disabled at (601704): [] spin_lock_bh include/linux/spinlock.h:334 [inline]
softirqs last disabled at (601704): [] tipc_topsrv_stop net/tipc/topsrv.c:702 [inline]
softirqs last disabled at (601704): [] tipc_topsrv_exit_net+0x1fe/0x4d0 net/tipc/topsrv.c:722
CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 4.19.206-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
RIP: 0010:tipc_topsrv_stop net/tipc/topsrv.c:699 [inline]
RIP: 0010:tipc_topsrv_exit_net+0x1e0/0x4d0 net/tipc/topsrv.c:722
Code: 45 31 f6 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 48 01 d0 48 89 45 c0 49 63 f6 48 89 df e8 27 b7 2f 00 48 85 c0 48 89 45 d0 <74> 1c 4c 89 ef e8 d6 01 58 00 48 8b 45 d0 48 89 c7 e8 9a d7 ff ff
RSP: 0018:ffff8880b599fbd0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: ffff8880b5162d40 RCX: 0000000000000006
RDX: 0000000000000000 RSI: ffffffff99d3b4af RDI: ffff8880b5162d40
RBP: ffff8880b599fc10 R08: ffff8880b5162d40 R09: ffff8880b5162d80
R10: 0000000000000000 R11: 0000000000000040 R12: ffff8880806a4a40
R13: ffff8880b5162d90 R14: 0000000099d3b4af R15: ffff8880b5162e30
FS: 0000000000000000(0000) GS:ffff8880ba200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055b5737ca988 CR3: 0000000097b02000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ops_exit_list.isra.0+0x8b/0x120 net/core/net_namespace.c:153
 cleanup_net+0x368/0x850 net/core/net_namespace.c:553
 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2153
 worker_thread+0x85/0xb60 kernel/workqueue.c:2296
 kthread+0x347/0x410 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0x12/0x20 arch/x86/include/asm/irqflags.h:60
----------------
Code disassembly (best guess):
   0: 45 31 f6              xor %r14d,%r14d
   3: 48 b8 00 00 00 00 00  movabs $0xdffffc0000000000,%rax
   a: fc ff df
   d: 48 c1 ea 03           shr $0x3,%rdx
  11: 48 01 d0              add %rdx,%rax
  14: 48 89 45 c0           mov %rax,-0x40(%rbp)
  18: 49 63 f6              movslq %r14d,%rsi
  1b: 48 89 df              mov %rbx,%rdi
  1e: e8 27 b7 2f 00        callq 0x2fb74a
  23: 48 85 c0              test %rax,%rax
  26: 48 89 45 d0           mov %rax,-0x30(%rbp)
* 2a: 74 1c                 je 0x48 <-- trapping instruction
  2c: 4c 89 ef              mov %r13,%rdi
  2f: e8 d6 01 58 00        callq 0x58020a
  34: 48 8b 45 d0           mov -0x30(%rbp),%rax
  38: 48 89 c7              mov %rax,%rdi
  3b: e8 9a d7 ff ff        callq 0xffffd7da